By WalkingTree December 11, 2020
Developers often leave sensitive pieces of code embedded in applications and files. One popular real-world example is the way in which some developers use GitHub, a hugely popular source-code management system. Most developers use GitHub casually, leading to an increased risk of insider threats and hacking incidents. In 2016, Uber’s source code repository was hacked via GitHub, accessing the intellectual property and the personal data of more than 7 million Uber drivers and 50 million users.
Keeping the secrets in a file and allowing access to a wider set of people will be a serious challenge. One way to solve this problem is to keep the secrets in a file but in an encrypted format and ensure only limited people can decrypt. Secrets management is challenging, especially for DevOps. Let’s take a look at why:
- Increased adoption of cloud-native development has led to a decentralization of secrets. If left to their own devices, these secrets can sprawl over time, leading to data breaches and privacy concerns.
- Many DevOps teams use different tools and often struggle to have a centralized system that can integrate with all these tools. Cloud-native secrets management tools are limited to a specific cloud provider.
- Most enterprises are unaware of where their secrets are located or who has access to them. This lack of understanding of the functioning of the DevOps pipeline often increases the risk of a data breach.
Read on to know more about Secrets management and why it is crucial for DevOps.
An integrated security practice within the DevOps process helps ongoing collaboration between engineers and security teams and build…
DevOps is the most recent tech absorption in enterprises with close sync between software development and IT operations…